
RFID's EPC memory private bits meaning


I'm reading and writing some RFID, whose EPC is 16 bits long. Let's say I write 16 bytes of 00 (0x00) on a tag and then read the whole EPC memory, which is 20 bytes long. I get:

41CB400000000000000000000000000000000000

Let's say now I write 11223344 as new EPC and then I read the memory again, I get:

3658100011223344000000000000000000000000

Keep in mind that the maximum length of the EPC byte array that you can write is 16.

Every time I read the memory there are 4 more bytes at the beginning, and I wanted to know what they mean. I think that the 3rd and 4th bytes indicate the length of the EPC: 4000 [16384] for the 16bit, 1000 [4096] for the 4bit

What do the others mean?


Solution

  • There indeed are some additional bytes in the EPC memory before the actual EPC. Those bytes are:

    • Byte 1 and 2: Cyclic Redundancy Check (CRC) word. This CRC is used by the reader to verify whether the received EPC is correct or not, as a verification of the wireless link between the tag and the reader.
    • Byte 3 and 4: 'Protocol Control' (PC) word:
      • Bits 0x10..0x14: Length of the EPC (in words). This is not the maximum length of the EPC you can store in the tag, but the length that is backscattered by the tag to the reader during an inventory.
      • Bit 0x15: User Memory Indicator (UMI).
      • Bit 0x16: Extended Protocol Control (XPC) Indicator (XI).
      • Bit 0x17: Numbering system identifier toggle (T). If '0', tag is encoded according to GS1 standards. If '1', not.
      • Bits 0x18..0x1F: RFU or Application Family Identifier. If T is '0', then this is set to '00'. Else, according to ISO/IEC 15961.

    You can find the details in section 6.3.2.1.2.2 of the EPC Gen2 Air Interface Standard.

    If the XI bit is high, there are more bytes before the actual EPC storing some additional control information (called 'Extended Protocol Control' (XPC)). However, this is quite rare to see in practice at the moment.
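
The layout described in the answer, as an added example (not code from the original post) that decodes the two dumps quoted in the question. The names `parse_epc_bank`, `EpcBank` and `crc16_gen2` are hypothetical, and the CRC parameters (polynomial 0x1021, preset 0xFFFF, complemented result, computed over the PC word plus the EPC) are an assumption that reproduces the `3658` seen in the second dump.

```python
from dataclasses import dataclass

def crc16_gen2(data: bytes) -> int:
    """CRC-16, polynomial 0x1021, preset 0xFFFF, result ones-complemented."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc ^ 0xFFFF

@dataclass
class EpcBank:
    stored_crc: int   # bytes 1-2
    epc_words: int    # PC bits 0x10..0x14, length in 16-bit words
    umi: bool         # PC bit 0x15
    xi: bool          # PC bit 0x16
    toggle: bool      # PC bit 0x17 (T)
    afi_or_rfu: int   # PC bits 0x18..0x1F
    epc: bytes        # only the words the PC length field covers
    crc_ok: bool      # stored CRC matches one recomputed over PC + EPC

def parse_epc_bank(hex_dump: str) -> EpcBank:
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 4:
        raise ValueError("dump is shorter than the CRC and PC words")
    stored_crc = int.from_bytes(raw[0:2], "big")
    pc = int.from_bytes(raw[2:4], "big")
    epc_words = pc >> 11                      # top five bits of the PC word
    xi = bool(pc & 0x0200)
    if xi:
        raise ValueError("XI is set; XPC layout is not handled in this example")
    end = 4 + 2 * epc_words
    if end > len(raw):
        raise ValueError("PC length field points past the end of the dump")
    # The CRC only detects transmission errors: anyone can recompute it,
    # so a matching value says nothing about who wrote the EPC.
    crc_ok = crc16_gen2(raw[2:end]) == stored_crc
    return EpcBank(stored_crc, epc_words, bool(pc & 0x0400), xi,
                   bool(pc & 0x0100), pc & 0xFF, raw[4:end], crc_ok)

if __name__ == "__main__":
    # The two dumps quoted in the question above.
    for dump in ("41CB400000000000000000000000000000000000",
                 "3658100011223344000000000000000000000000"):
        print(parse_epc_bank(dump))
```

The trailing zero bytes in each dump fall outside the length given by the PC word, so they are neither part of the reported EPC nor covered by the CRC.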